Millions of Americans are using free VPN apps that covertly proxy their traffic through Chinese companies, including several sanctioned firms linked to China’s military, a report by the Tech Transparency Project (TTP) reveals.
One in five of the top one hundred free VPN apps in the US App Store were secretly owned by Chinese companies and individuals. These apps were downloaded over 70 million times from US app stores, according to AppMagic data.
People use VPNs as a privacy tool that cloaks their real IP address and encrypts traffic in transit. However, a flawed VPN can completely undermine this, compromising user privacy and security.
Chinese laws require local organizations and individuals to cooperate with state intelligence and provide access to any data.
“Chinese intelligence agencies may demand access to data of US individuals and businesses held by Chinese entities and even compel the creation of backdoors in equipment and software,” TTP said.
According to the report, several of the VPN apps are owned by the subsidiaries of Qihoo 360, which the US Department of Defense has designated as a “Chinese Military Company.”
Which apps have links to China?
Qihoo 360 recently acquired the developer of Turbo VPN, which ranked 13th in the top 100 free VPN apps list. Its subsidiaries are also behind VPN Proxy Master (ranked 12th), Thunder VPN (ranked 60th), and Snap VPN (unranked).
This year, TurboVPN has been advertised on Facebook and Instagram for Spanish-speaking users in the US, “saying Turbo VPN can help with the threatened US TikTok ban.”
Many other VPN apps were traced back to Hong Kong companies owned by individuals or companies in mainland China.
X-VPN, the 4th most popular free VPN app in the US for iPhone and iPad in 2024, was developed by Free Connected Limited, and the filings indicate that its owner is Chinese tech firm Chengdu Zhuozhuo Technology.
Similarly, the VPNIFY app, ranked 25th, was developed by “Neonetworks solution ltd” in Hong Kong, and the sole shareholder was a Chinese citizen.
An app called VPN Bucks, ranked 22nd, was developed by a company owned by another Chinese Citizen.
Other apps, traced back to China, include “WireVPN – Fast VPN & Proxy,” “Wirevpn – Secure & Fast VPN,” “VPN Proxy OvpnSpider,” “Best VPN Proxy AppVPN,” “Ostrich VPN,” “Hula VPN,” “Speedy Quark VPN,” “Now VPN,” “Pearl VPN,” and five other apps that have already been removed from the App Store.
None of the 20 Chinese-owned apps clearly disclosed their Chinese connections, and some actively concealed their ownership through layers of shell companies. TTP examined records of 100 apps where available.
“More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets,” TTP said.
Users exposed to surveillance
TTP also raises concerns about enforcing Apple’s policies. While these policies do not allow the disclosure of data to third parties, Chinese apps can be required by law to turn over user data to Chinese authorities.
Malwarebytes explains that users must be able to trust the company that operates the proxy network used for VPN service – “they get to see all of your traffic as it passes through those channels.”
“While VPNs are a useful way to achieve some privacy online, this report highlights the importance of due diligence when choosing a technology provider. Not all VPNs are created equal – and just because they’re in Apple’s App Store doesn’t mean that they’re automatically above board,” the security firm warns.
Your email address will not be published. Required fields are markedmarked